Lazarus Group and two of its sub-groups, Bluenoroff and Andariel, are controlled by North Korea’s primary intelligence agency, the Reconnaissance General Bureau (RGB), which is also involved in arms trading, the Treasury Department said in a release.
The groups “likely stole around $571 million in cryptocurrency alone, from five exchanges in Asia between January 2017 and September 2018,” according to the department.
“Treasury is taking action against North Korean hacking groups that have been perpetrating cyberattacks to support illicit weapon and missile programs,” said Sigal Mandelker, under secretary for terrorism and financial intelligence. “We will continue to enforce existing U.S. and U.N. sanctions against North Korea and work with the international community to improve cybersecurity of financial networks.”
The U.S. government’s action makes it easier to seize any assets the hacking groups may have within the jurisdiction of American financial institutions, though they are likely to be limited if they exist at all.
Lazarus Group was created in 2007 and infamously hacked Sony Pictures Entertainment in 2014, shortly before the release of “The Interview,” a comedy about an assassination plot against Kim Jong Un.
Lazarus was also responsible for the 2017 WannaCry 2.0 ransomware attack that affected at least 150 countries and shut down about 300,000 computers, crippling one-third of the U.K.’s National Health Service hospitals.
The group targets governments and militaries, as well as entertainment, financial, manufacturing, media, publishing and international shipping companies, the Treasury Department said. Its tactics include destructive malware, cyberespionage, money heists and theft of data.
North Korea formed the Bluenoroff group so it could hack financial institutions in response to increased economic sanctions. By 2018, the group had attempted to steal more than $1.1 billion and had reportedly carried out successful attacks on banks in Bangladesh, Chile, India, Mexico, Pakistan, Philippines, South Korea, Taiwan, Turkey and Vietnam.
The group targeted at least 16 organizations in 11 countries, Treasury said. It also worked with Lazarus Group to steal some $80 million from the Central Bank of Bangladesh’s New York Federal Reserve account.
“By leveraging malware similar to that seen in the SPE cyberattack, Bluenoroff and Lazarus Group made over 36 large fund transfer requests using stolen SWIFT credentials in an attempt to steal a total of $851 million before a typographical error alerted personnel to prevent the additional funds from being stolen,” Treasury said.
The third group sanctioned Friday, Andariel, was first seen in 2015 and is said to target South Korea in order to “collect information and to create disorder,” the Treasury Department said. In 2016, the group hacked the South Korean defense minister’s personal computer and targeted the Defense Ministry’s intranet to steal military intelligence.
Andariel conducts malicious hacking operations within the defense industry, businesses, financial services infrastructure, foreign businesses, governments and private corporations, the Treasury Department said.
The group also developed malware to hack online poker and gambling sites and hacked into ATMs to steal bank card information in order to either withdraw cash or steal customer information for sale via the black market.
The Associated Press contributed to this report.